Strategies to protect your password

It can happen to any of us, and at this rate, it will: Massive collections of passwords from various online services are being posted online (the dark web, mostly) at an alarming rate. Due to a possibly related string of megabreaches, over 640 million passwords have been compromised.

None of this is exactly news, especially to those in tech fields. But it is human nature to take the easy way out, and having to remember secure passwords (a random jumble of 12 or more alphanumeric characters and symbols) is definitely the hard way, especially if you need to remember distinct passwords for ten or more cloud services.

So, what should you do? Here are five strategies to protect your password so it can protect you.

1. Check your email address against a breach database
There’s no guarantee that you’re in the clear, but sites like LeakedSource or Troy Hunt’s haveibeenpwned.com can tell you if your email is among the millions recently compromised. If it is, go change all your passwords, especially the important ones, like those for email (work and personal), banking, and social media. Hunt has done some fascinating analyses of password selection patterns, in case you’d like to understand the phenomenon on a deeper level.

2. Always create strong passwords
In general, hackers are smarter, faster and more devious than the rest of us. That’s why U.S. businesses spend billions of dollars each year trying to keep up with them. Your “clever” six-digit password based on your login, email address, hometown, birthdate or favorite fruit can be cracked in seconds by hackers armed with widely available brute-force crackers and password dictionaries.

Per current recommendations, you should aim for an eight- to 16-character password composed of a mix of upper and lowercase letters, numbers and symbols. You shouldn’t use any dictionary words, common or famous names, or anything in sequence (abc, 123, qwerty). Don’t use any form of personally identifiable information someone could learn about you: family and pet names, street, car make/model or plate number, birthday, etc.

3. The more random, the better
But, how will you remember them? That’s a good question, and hopefully someday soon we will come up with something more human-friendly than passwords. In the meantime, use a trusted password manager app. As a last resort, write your passwords down and hide them in a locked drawer only you can access. Whatever you do, do not store them on a sticky note on your desk, or in an unencrypted file on your computer, phone or tablet.

Here’s one good trick: Think of a phrase you won’t forget, choose the first letter of each word, and make sure to use some symbols and numbers. For example: “Facebook eats up 5 hours each day!” can become “Feu5h3d!”
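As an added example (not part of the original article), the following Python checker applies the rules from strategy 2 (length, character mix, no sequences like abc/123/qwerty, no dictionary words, no personal details) and runs the phrase-derived “Feu5h3d!” through them alongside two weak candidates. The word list is a constructed stand-in for a real dictionary, and the leetspeak table is an assumption about common substitutions.

```python
import string

# Constructed stand-in for a real password dictionary (assumption, not from the article).
COMMON_WORDS = {"password", "facebook", "dragon", "welcome", "summer", "monkey"}
# Ordered runs the article names (abc, 123, qwerty) plus the other keyboard rows.
RUNS = [string.ascii_lowercase, string.digits, "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common swaps undone before the dictionary check, so "P@ssw0rd" is still caught (assumed table).
LEET = str.maketrans("0134578@$", "oleastbas")


def has_sequence(pw: str, n: int = 3) -> bool:
    """True if pw contains n or more consecutive characters of a known run, forwards or backwards."""
    low = pw.lower()
    for run in RUNS:
        for ordered in (run, run[::-1]):
            if any(ordered[i:i + n] in low for i in range(len(ordered) - n + 1)):
                return True
    return False


def check_password(pw: str, personal: tuple[str, ...] = ()) -> list[str]:
    """Apply the article's rules and return the ones violated (an empty list means it passes).

    personal: facts an attacker could learn about the user (names, street, plate, birthday).
    """
    problems = []
    if len(pw) < 8:  # the article's target is 8 to 16 characters; longer is not penalized
        problems.append("too short")
    if not any(c.isupper() for c in pw):
        problems.append("missing uppercase")
    if not any(c.islower() for c in pw):
        problems.append("missing lowercase")
    if not any(c.isdigit() for c in pw):
        problems.append("missing digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("missing symbol")
    if has_sequence(pw):
        problems.append("contains sequence")
    normalized = pw.lower().translate(LEET)  # undo leetspeak before the word check
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("contains dictionary word")
    if any(len(p) >= 3 and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal info")
    return problems


if __name__ == "__main__":
    for candidate in ("qwerty123", "P@ssw0rd!", "Feu5h3d!"):
        print(candidate, "->", check_password(candidate) or "passes")
```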

4. Good habits go a long way
Finally, try to incorporate good password habits into your life alongside other routines. Pick a chore you have to do every few months and add password updates to it: replacing water filters or toothbrushes, paying taxes, trimming hedges, etc. This would be a good time to check the breach databases again.

Definitely change your password(s) any time you suspect even a chance of compromise. Don’t ignore breach notifications; take immediate action as instructed. Be aware of phishing scams and be skeptical of any request for personal or financial information you receive through an email, phone call or web page. Choose to use two-factor authentication (2FA) wherever it is offered, even if that isn’t automatic and you have to opt in. Be sure to use 2FA with your most sensitive accounts: email, banking and password managers, for example.

Don’t re-use passwords!

5. What businesses can do
When it comes to protecting passwords and user credentials in workplace settings, the stakes are even higher. Enforcing the use of strong passwords should be central to every organization’s cyber security program, because access to so many services, vendors, applications, devices, databases and industrial systems is now controlled and secured via passwords.

The current state of password use and abuse is shocking and alarming. There are a lot of reasons why we should all do a better job. Our personal and work lives, and the services and products that we use every day, are increasingly dependent on connected digital technology.